Wuzhi CMS 4.1.0 Cross Site Scripting

Summary

Wuzhi CMS is a high-performance open source content management system that supports the LNAMP architecture and is suitable for portal sites, corporate websites, mobile websites, and WeChat promotion. Wuzhi CMS adopts the MVC architecture and supports deploying the framework separately from the www-accessible path, database read/write separation, and big data.

Wuzhi CMS has been proven to have a reflected cross-site scripting vulnerability.

The vulnerability allows arbitrary HTML or script code to be executed in the victim's browser.

CVE-2018-10313: the URL path with the XSS vulnerability is index.php?m=member&f=index&v=profile&set_iframe=1

CVE-2018-10311: the URL path with the XSS vulnerability is index.php?m=tags&f=index&v=add&&_su=wuzhicms&_menuid=?&_submenuid=?

Attackers can execute malicious code in the victim's browser to perform various activities, such as stealing cookies, session tokens, credentials, and personal data.
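
One way to triage web server access logs for requests to the two routes listed above, as an added example (not part of the advisory and not Wuzhi CMS code): it flags any parameter on those routes whose value still contains HTML markup after repeated URL decoding. The log lines and the `demo` parameter are constructed; the advisory does not name the vulnerable parameter, so every parameter is checked.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# (m, f, v) routes taken from the two URL paths in the advisory.
ADVISORY_ROUTES = {
    ("member", "index", "profile"): "CVE-2018-10313",
    ("tags", "index", "add"): "CVE-2018-10311",
}
# Markup characters and tokens that a routing or menu parameter should never carry.
MARKUP = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines in combined log format; "demo" is a placeholder parameter
    '203.0.113.5 - - [01/May/2018:10:00:00 +0000] "GET /index.php?m=member&f=index&v=profile&set_iframe=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/May/2018:10:00:07 +0000] "GET /index.php?m=member&f=index&v=profile&set_iframe=1&demo=%253Cscript%253E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [01/May/2018:10:00:09 +0000] "GET /index.php?m=tags&f=index&v=add&&_su=wuzhicms&_menuid=12&demo=%22%3E%3Csvg HTTP/1.1" 200 4410',
    '203.0.113.9 - - [01/May/2018:10:00:11 +0000] "GET /index.php?m=content&f=index&v=show&demo=%3Cb%3E HTTP/1.1" 200 900',
]


def decode_fully(value, rounds=3):
    """Undo up to `rounds` further layers of URL encoding (double-encoding evasion)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_request(log_line):
    """Return (cve, [suspicious parameter names]) for one log line, or None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    params = parse_qsl(url.query, keep_blank_values=True)  # decodes one layer
    lookup = dict(params)
    cve = ADVISORY_ROUTES.get((lookup.get("m"), lookup.get("f"), lookup.get("v")))
    if cve is None or not url.path.endswith("index.php"):
        return None
    hits = [name for name, value in params if MARKUP.search(decode_fully(value))]
    return (cve, hits) if hits else None


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(flag_request(line))
```

Requests to other routes are ignored here by design, so a hit only says that markup reached one of the two advisory routes, not that it was reflected.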

Solution

null